The Seattle Times Company

NWjobs | NWautos | NWhomes | NWsource | Free Classifieds |

Business / Technology

Our network sites | Advanced

Originally published February 22, 2005 at 12:00 AM | Page modified February 22, 2005 at 2:14 PM

E-mail E-mail article      Print Print      Share Share

ID security breach may affect people in every state, firm says

ChoicePoint, under fire for being duped into allowing criminals to access its massive database of personal information, said yesterday that...

The Associated Press

ATLANTA — ChoicePoint, under fire for being duped into allowing criminals to access its massive database of personal information, said yesterday that consumers in all 50 states, the District of Columbia and three U.S. territories may have been affected by the breach of the company's credentialing process.

The data warehouser also announced plans to rescreen 17,000 business customers to make sure they are legitimate.

Identity-theft vulnerability in the West

ChoicePoint listed how many warning notices it has sent to residents of each state.

Alaska: 251 Arizona: 1,730

California: 34,114 Idaho: 3,216

Montana: 107 Nevada: 739

Oregon: 1,947 Utah: 986

Washington: 3,189

ChoicePoint said it is almost done notifying by mail all of the potential victims. California authorities have said as many as 500,000 people may have been affected, but ChoicePoint disputes that number.

"All I can tell you is our number is roughly 145,000, and we know that we're over-notifying," ChoicePoint marketing director James Lee said. "There will be duplications in there."

Last week, attorneys general in 38 states demanded ChoicePoint inform all affected consumers that they might be vulnerable to identity theft amid concerns the company was foot-dragging. Other officials have also become involved, with two U.S. senators calling for hearings and stepped-up regulations to protect consumers.

ChoicePoint said any business that is not publicly traded or not a government agency will have to be recredentialed to use its services.

The Alpharetta, Ga.-based company said it has hired a retired Secret Service agent to help revamp its verification process. It also has paid for a one-year subscription to a credit-monitoring service for each of the 144,778 people the breach may have affected.

Protecting yourself

• Check your credit report. Seeing all of the credit accounts open in your name can help you spot identity theft. Here's help:

• Don't give your Social Security number unless absolutely necessary.

• Don't carry your Social Security card, passport or birth certificate in your wallet. Carry as few credit cards as possible, and photocopy them to make canceling easier if your wallet is lost or stolen.

• Rip up paper containing personal information before throwing it away.

• Mail checks and other critical correspondence in a secure postal-service box, not your personal mailbox.

• Never give out personal information over the phone to a stranger who calls you.

• When shopping online, buy from reputable sites and pay with one credit card (that has zero liability, such as Visa), a smart card or other card with a limited amount of credit, or a secure payment service, such as PayPal.

• Review your credit-card statement every month.


Which of your behaviors put you at risk? Take a quiz

If your identity has been stolen

• File a police report and get a copy to give banks and credit-card companies that require proof.

• Cancel your credit-card accounts and get new ones that are password protected. Close any accounts that have been opened in your name.

• Contact the fraud department of any of the three major credit-reporting bureaus and have them place a fraud alert on your credit file.

• If your Social Security number has been used, notify the Social Security Administration's Office of the Inspector General.

• File a complaint with the Federal Trade Commission's Consumer Response Center.


The company said the smallest number of possible victims — two — was in the U.S. Virgin Islands, while the largest number — 34,114 — was in California.

In Washington, 3,189 residents are getting warning notices, the company said. It released a state-by-state breakdown yesterday. People in Puerto Rico and Guam also may have been affected.

Formed in 1997 as a spinoff of credit-reporting agency Equifax, ChoicePoint has 19 billion public records in its database at its suburban Atlanta headquarters, including motor-vehicle registrations, license and deed transfers, military records, names, addresses and Social Security numbers.

"It will involve the revalidation of any information they previously provided as well as requests for additional information," Lee said. "Certain customers will receive site visits, but I can't be more specific than that because we don't want to reveal too much."

He said it could take up to 60 days to recredential the affected customers.

Once recredentialed, those customers will no longer get access to consumers' Social Security numbers, dates of birth and driver's license numbers unless they are sponsored by a public company or government agency, Lee said.

The company said in a statement that it is seeking to "remove information in those segments where organized crime fraud is likely to occur."

The customers affected represent less than 5 percent of the company's $900 million in annual revenue.

The company acknowledged last week that thieves apparently used previously stolen identities to create what appeared to be legitimate businesses seeking ChoicePoint accounts. The thieves then opened up 50 accounts and received volumes of data on consumers, including names, addresses, Social Security numbers and credit reports.

The ring, which operated for more than a year before it was detected, used the information to defraud at least 750 people, according to investigators in California.

Like any business that opens an account with ChoicePoint, the suspect companies were given an access code and password that allowed them to use ChoicePoint's database.

ChoicePoint says it puts applicants for accounts through rigorous protocols such as verifying business licenses and individual's names and background checks.

In this case, the thieves — posing as check-cashing companies or debt-collection firms — provided business licenses that appeared to be legitimate and used the names of real people with clean criminal records.

The company caught on later by tracking the pattern of the searches the suspects conducted.

The company learned of the problem in October but did not notify those customers who were possibly affected until this month because authorities did not want to jeopardize their investigation.

E-mail E-mail article      Print Print      Share Share

More Business & Technology

UPDATE - 09:46 AM
Exxon Mobil wins ruling in Alaska oil spill case

UPDATE - 09:32 AM
Bank stocks push indexes higher; oil prices dip

UPDATE - 08:04 AM
Ford CEO Mulally gets $56.5M in stock award

UPDATE - 07:54 AM
Underwater mortgages rise as home prices fall

NEW - 09:43 AM
Warner Bros. to offer movie rentals on Facebook

More Business & Technology headlines...


Get home delivery today!



AP Video

Entertainment | Top Video | World | Offbeat Video | Sci-Tech